I'd much rather have multiple services, each of them isolated to the data that is relevant to providing their specific service than one service having it all.
I have no knowledge in general of this stuff, but my assumption is that your average company is horrible with security, but huge corporations dump tons of money into security (being a big target with the most users) making it more effective.
Not saying breaches never happen with apple or google of course, it's just less often than your trusty todo list app being pwned and your clear text passwords being dumped online.
You raise a very good point though. You can't judge the security of a company by any metric except their record. It would be interesting to have a registry that logs breaches, how severe they are, and give an overall rating to them.
